Smart Card Authentication

LastPass has experimental support for smart card readers as a Premium feature. Currently, only computers running Windows, Mac OS X, or Linux, SafeSign middleware, and Internet Explorer, Firefox, or Chrome support this feature. Safari and Opera can be supported by installing an additional binary component.

OpenSC is also supported as an alternative to SafeSign (currently only on Windows). Please note that since some browsers still run in 32-bit mode even on 64-bit versions of Windows, you may need to install both the 64-bit and 32-bit versions of OpenSC.

For Windows, please ensure aetpkss1.dll or opensc-pkcs11.dll is present on your system (typically in C:\Windows\System32).

For Mac OS X, please ensure libaetpkss.dylib is present on your system (typically in /usr/local/lib).

For Linux, please ensure libaetpkss.so is present on your system (typically in /usr/lib).

Make sure a smart card is inserted into your card reader before attempting to enable smart card authentication. Also, make sure an RSA key is present on your smart card. This RSA key must be capable of encryption and decryption so that LastPass can verify your card’s security.

Enable Smart Card Authentication

To enable smart card authentication:

Open a supported browser with the latest LastPass extension installed.

Log in to LastPass as a Premium user.

Go to LastPass button -> My LastPass Vault.

Click Account Settings.

Go to Multifactor Options.

Choose the Card Reader Authentication option.

Enable Card Reader.

Enter your LastPass master password, then follow the rest of the prompts on the screen.